Educause Security Discussion mailing list archives
Re: Amazon Web Services - Can you log the infrastructure?
From: Karl Bernard <karl.bernard () GMAIL COM>
Date: Wed, 20 Feb 2013 14:26:55 -0600
I received a suggestion to take a look at AWS Identity and Access Management (IAM), and although it looks promising, I looked over IAM and found these unfortunate answers in the FAQ:

Q: Will AWS Identity and Access Management administrative actions be logged to an audit trail?
No. This is planned for a future release.

Q: Will user actions in AWS services be logged to an audit trail?
No. This is planned for a future release

http://aws.amazon.com/iam/faqs/#Will_Identity_and_Access_Management_administrative_actions_be_logged_to_an_audit_trail

This makes it problematic for us - hopefully someone else has some kind of workaround or well-worded risk acceptance we can look at. Our customers are quietly asking to use cloud services now, but I suspect there will be an all out clamoring before long, so we hope to have some kind of workable answer soon so we can get ahead of things.

Thanks,
Karl

On Wed, Feb 20, 2013 at 10:33 AM, Karl Bernard <karl.bernard () gmail com> wrote:
We (IT Security) have been asked to work on a project to do a POC setup of an AWS Virtual Private Cloud (VPC) that will in turn be IPsec tunneled back to our infrastructure using a Cisco ISA. We're slowly working our way through that part, but my biggest question is that when I was looking at the AWS management console, I couldn't find any activity logs for who's logged into the management console and what changes have been made.

Does anyone know if this is available, or where I can find it if I've overlooked it? Ideally, we would like to see those logs come back to our 'real' network via syslog through the VPN tunnel, or via some kind of secure log streaming from AWS itself.

Related to this - has anyone set up a HIPAA-compliant VPC with AWS or with any other cloud infrastructure vendors?

Thanks for your input,

Karl Bernard
Senior Information Security Analyst
UTHealth, Academic Health Center at Houston